Israel’s security services are pulling in spyware companies, including the maker of the controversial Pegasus software, to help track hostages in the Gaza Strip, people familiar with the matter said.
NSO Group and Candiru, both of which are blacklisted by the US, are being asked to quickly upgrade their spyware capabilities to meet needs laid out by the country’s security forces, according to four cybersecurity industry sources and an Israeli government official. They, together with several other software firms, are collaborating on the requests and largely offering their services for free, said the people, who asked not to be identified because of they weren’t authorized to comment on military operations.
The Defense Ministry didn’t immediately respond to requests for comment. The Israel Defense Forces and NSO, which makes Pegasus, declined to comment.
Candiru is ready to assist the war effort in any way needed, the company said in a statement Thursday, without elaborating.
More than 200 people, including many foreigners, are captive in Gaza. While Israel in recent years has gone to great lengths to ensure the return of hostages, the violence of this month’s surprise attacks has led to broad support for an invasion. Western governments are pushing for more negotiations, and US President Joe Biden cited the safety of hostages on Wednesday as one reason he asked Prime Minister Benjamin Netanyahu to pause a ground offensive.
Israel has been discussing hostage rescue possibilities with other governments, which have offered intelligence and expertise on how to extract people if diplomatic efforts via Qatar and Egypt fall through, according to separate people familiar with the discussions.
Of the hostages, more than half have foreign passports, including agricultural workers, visitors and people with dual citizenship. Four hostages have been freed since the fighting began.
More than 1,400 Israelis, mostly civilians, have been killed in the Israel-Hamas war that started with the Oct. 7 attacks. The surprise assault by Hamas, which is designated as a terrorist organization by the US and European Union, marked the deadliest-ever strike on Israel. They also were a stunning intelligence failure for the country vaunted for its surveillance and cybersecurity prowess.
Israel has responded with heavy air bombardments on Gaza, killing thousands of Palestinians according to the Health Ministry in the Hamas-run enclave. Israel is widely expected to launch a ground invasion.
Israeli newspaper Haaretz, which first reported the involvement of these companies, said surveillance companies Rayzone and Paragon were also assisting.
Though Israel has never publicly severed ties with NSO and Candiru, the Israel Defense Forces dismissed some of their employees from military reserve duty after the firms were sanctioned in the US for helping authoritarian regimes track journalists and dissidents.
NSO’s Pegasus software is sold to governments and law enforcement agencies, which use it to hack into mobile phones and covertly record emails, phone calls and text messages. Amnesty International, Citizen Lab and Forensic Architecture in 2021 documented the use of the spyware in more than 60 cases to target government critics in countries including Rwanda, Togo, Spain, the United Arab Emirates, Saudi Arabia, Mexico, Morocco and India.
The US Commerce Department blacklisted NSO and Candiru that year, banning them from receiving export contracts from American companies. That led Israel to significantly curtail the number of countries where these technologies could legally be sold.
Now the government may rethink its approach to these firms, according to Gabi Siboni, a colonel in the reserves and expert on cyber security and military strategy at the Jerusalem Institute for Strategy and Security.
“There will have to be a change in how Israel relates to offensive cyber,” Siboni said. “I expect there will be more budget alloted to this sector.”
(Published 27 October 2023, 04:42 IST)